Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Status
titleon HOLD

IN PROGRESS

DONE

No

Work item

Responsible

Comment

Status

Start date

End date

1Preparation of documentation - based on the SA2 Service Template







Service Description

-Development team prepares

-SM signs off

See section 1 of eduroam Managed IdP Service Description
Status
colourGreen
titleDONE


09 July 2018SM
ready to sign
signed off

Service policy (Terms of use, SLA)

-Development team prepares

-

GEANT T&I operation support/Core team

SM signs off

Separte policies for NROs, eduroam Managed IdP administrators and end users are described at eduroam Managed IdP Service Policy.

Terms of use for NRO admins is published at:
Terms of use for IdPs and end users is presented in the web UI of the service, and also at:
Status
colourGreen
titleDONE


09 July 2018SM
ready to sign
signed off

Branding and Visibility

-Development team prepares

-SM signs off

Web page text at https://www.eduroam.org/eduroam-managed-idp/

Status
colourGreen
titleDONE

09 July 2018SM
ready to sign
signed off

Operational Requirements

-Development team prepares

-SM

and core team sign

signs off

documented here

Status
colourGreen
titleDONE

Feb 2018SM
ready to sign
signed off

OLA

-Development team prepares

-SM and GEANT T&I operation support/Core team sign off

https://docs.google.com/document/d/1ZlRTAEIjyd3wXiK4d0XnUJpFwRuXfWRniRRiYht21x8/edit

IN PROGRESS

(dev team done, awaiting sign-off)

The aim is to standardize across the T&I services.

Sep 2018Nov 18

eduroam Managed IdP OLA

Status
colourGreen
titleDONE

Sep 2018

SM signed off

GEANT T&I operation signed off


Operational documentation

-Development team prepares

-SM signs off, test team can validate

Dev team prepared this in the corresponding Wiki page

Status
colourGreen
titleDONE

10 July 2018SM
ready to sign
signed off

Operational processes

-Development team prepares

-SM signs off, test team can validate

Need to define: service order (what happens from point of interest to service availability for a customer) and support process. Marina sent the questionnaire prepared by the Task 4 to Stefan to provide the info and Task 4 can draw the flow charts.

The questionnaire is here.

Not required for production sign-off.

IN PROGRESS

Status
colourGreen
titleDONE

(dev team done, awaiting sign-off)

10 July 2018
Awaiting
SM
sign-
signed off

User documentation

-Development team prepares

-SM signs off, test team can validate

A guide to eduroam Managed IdP for federation administrators was created in the eduroam wiki (common to eduroam CAT and eduroam Managed IdP as their NRO-level appearance is nearly identical)

A guide to eduroam Managed IdP for institution administrators - to be created in the eduroam wiki (similar like for CAT)

A guide for the end users is not needed, it is embedded in the GUI.

Status
colourGreen
titleDONE

11 July 2018SM
ready to sign
signed off

User support

-Development team prepares

-SM signs off, test team can validate

Prepare the FAQ for the first level support. List is available here.  Add them to the current FAQ that service desk uses + enable service desk to check by themselves if a user's IdP is managed eduroam IdP
Status
colourGreen
titleDONE


10 July 2018SM
ready to sign
signed off

GDPR - data inventory, privacy notice, DPA

-Development team prepares

-GDPR accountable and SM signs off

 - DPA?

The main eduroam privacy notice was updated.

Signed off by the GDPR team on 26th of November 2018. Needs to be published in the eduroam site after the official launch.

DPA will be done together with the eduroam service DPA.

eduroam Privacy Notices - Changes for Managed IdP

Status
colourGreen
titleDONE


To be published at the eduroam site after the PLM gate!

June 2018

GDPR team signed off

2Test and validation





Make a test plan

Development team and Test team prepares

Testing of the code was done

26.10 2018 - the web front is ready for the pen testing Marina Adomeit to get status report from Marcin Wolski

when new version of CAT v2.0 was tested as there use the same code base - no critical issues.

The testing of the UI and usability was also done. There are no bugs,

improvements to be feeded for the next releases.

Stefan notes: The RADIUS servers have a quite sophisticated entry point - their only link to the outside world is a RADIUS/TLS connection on port TCP/2083 and they are very selective in from whom they accept a TLS connection in the first place (eduPKI certificates only).

recommendations for UI improvements were implemented by the Development team.

Pen testing done - no critical issues

I don't think there is a tool in existence which copes for that, *and* can then send penetration-relevant payloads in the resulting TLS tunnel

.


Status
colourGreen
titleDONE

Status
colourYellow
titlePen in progress

Status
colourGreen
titleUI DONE






SA2/Task 1 test team signed off

3IPR compliance checking





IPR compliance

IPR accountable

Route the request through GEANT T&I operation support/Core team

Stefan Winter prepared the IPR request (what are the software components, libraries, tools used) on this page.

Alan confirmed Shaun has approved on 06.11.18

Documentation: eduroam Managed IdP - IPR

Status
colourGreen
titleDONE


11 July 2018IPR team signed off
4GDPR compliance checkingGDPR accountable




Data inventory and mapping
Data inventory is already prepared; with Nicole and Ana to carry out assessment

Status
colourGreen
titleDONE




Update the privacy notice

Marina emailed Ana 16.11.18 requesting approval of final changes to privacy notice.

and DPA

Look at the 1 - GDPR

Publish once the production gate is passed.


Status
colour

Yellow

Green
title

In progressPrepare the data processing agreementShould be part of the OLA. Nicole Harris has a template data processing agreement she can share.

DONE


GEANT T&I operation signed off

GDPR team sign off

5Operational team establishment





Appoint service managerOperations accountable

It comes under the eduroam service family and existing service manager.

(Miroslav Milinović)

Status
colourGreen
titleDONE

(Miroslav Milinović)

SA2 AL signed off

Define roles, skills, manpower neededDevelopment teamAs per current team for the skills, but additional time would be needed.

Status
colourGreen
titleDONE


SM signed off

Appoint operational team members

SM

It could be done by the Srce & Maja/Tomasz team - for GN4-2, for GN4-3 it should be defined and clarified. (Dubravko could be Radius, Dragan for the system upgrades).

Anticipating contribution at 0.45FTE from both Tomasz and Maja for GN4-3.

The development support will be needed by Stefan&Tomasz

Status
colourGreen
titleDONE


SM signed off
6Operational team training





Training the operational team

Development team prepares

eduroam-OT is trained

TBD,over couple of VC should suffice
Not needed.

SM signed off
7Support team establishment





Establish the support team

Level 1

will

done by the

SD

GEANT Service Desk, L2 will be over the eduroam-ot, L3 will be via the development team

Note: After PLM enter production gate, SM to notify L1 that the service production started

Status
colourGreen
titleDONE


SM signed off
8Support team training





Training of the support team

Development team prepares

eduroam-OT is trained

TBD,over couple of VC should suffice

Not needed.

Status
colourGreen
titleDONE


SM signed off
9Deployment in production environment
Central monitoring StatuscolourYellowtitleIn progress






Monitoring set up

GEANT T&I operation support/Core team

Plan A : monitoring core team

Plan B can be covered by Miro - Nagios by Srce. Advance with this option.

Specific monitoring need to be scribed by the development team

eduroam-OT

Provided by SRCE as part of the eduroam-OT

Image Added


SM signed off

GEANT T&I operation signed off


Back-up and restore
core team
eduroam-OT

VM snapshots are backed up by GEANT IT as defined in the GÉANT PoP Backup policy.

Daily database snapshots are additionally kept at monitor.eduroam.org host.

should be provided by the GEANT IT

Perform a smoke test to test the restore process as a whole!! The idea is to take a machine down and ask GEANT IT to restore.

Dick Visser is leading. OCSB machine is the best candidate.


Status
colourYellow
titleIn progress

Resource inventory configuredcore teamwhen available by the core team, not a requirement for production

07.12.18 - GEANT IT confirmed machine will be restored. Dick to confirm when complete.


SM signed off

GEANT T&I operation signed off

Statustitleon HOLD


VM provision


GEANT T&I operation support/Core team

Plan A:

GEANT IT VMs

- going ahead with this option.

Plan B: Cloud VMs


Status
colourGreen
titleDONE



SM signed off

GEANT T&I operation signed off

Plan C: SURFNet

GEANT IT VMs were made available on  

Status
colourGreen
titleDONE


Installation of the components

Stefan, Tomasz, Maja

IN PROGRESS.

SMS service has been ordered and awaiting payment of bank transfer by GÉANT.

Status
colourGreen
titleDONE




Raspberry Pi for the root CA

Development team

GEANT T&I operation support/Core team

GEANT T&I operation support/Core team: can organise the root CA creation ceremony, and safe offline storing of the Raspberry PI (in a safe).

Dick Visser will see if there is a safe in the GEANT AMS office. If not, SA2 can purchase one.

In eduroam IdP Operational Processes page there is detail on setting up the CA.

key ceremony took place 2nd November.

Status
colourGreen
titleDONE

stefan/miro needs to write up this in details ...

SM signed off

GEANT T&I operation signed off

key ceremony took place 2nd November.

10Service Promotion





Web site update

Karl and Justin

Prepare all in the eduroam PR site, but publish when the production gate is passed. Web page draft at https://www.eduroam.org/eduroam-managed-idp/

Marina Adomeit

will talk to Karl about tweaking the web page before production

On the eduroam Managed IdP webpage add that the service is free of charge for up to 10,000 user accounts per NRO, and that it is up to the NRO how those 10,000 accounts are spread across their institutions.

The page should then go under the Support menu, underneath CAT.

To be linked from the eduroam for NRO page and eduroam for institutions. On the institutions’ page, note that the institution needs to talk to their NRO to get the service, as the relationship is between GEANT and the NRO.

, Miro and Karl prepared the final version only waiting to be published.


Status
colourGreen
titleDONE

To be published at the eduroam site after the PLM gate!


SM signed off
IN PROGRESS

Add the service to the partner services portfolio

Justin

Added to the partner portal. In staging area ready to go live when service goes into production.

Status
colourGreen
titleDONE

To be published at the eduroam site after the PLM gate!


SM signed off

Contact the people/NRENs who took part in the infoshare to update them on service availabilityPartner Relations

Two communications:

First to the participants who joined the infoshare to say that the gate is passed and service is coming

Second upon launch to the GEANT partner list.

Status
colourGreen
titleDONE

JK

emailed

arranging with Nathalie

14

10.

11

12.18

To be published at the eduroam site after the PLM gate!


JRA3 signed off

Update
the
eduroam flyer with the managed service element

Silvie





Status
colourGreen
titleDONE



SM signed off

Slide deck from the infoshares that can be sent out by Partner Relations to partner NRENs when service is liveJustinAvailable

Status
colourGreen
titleDONE

To be published at the eduroam site after the PLM gate!


JRA3 signed off

Training/info video to put on the websiteKarlLower priority; not needed for production.



Article for CONNECTJustin and Karl

Went into October CONNECT

Status
colourGreen
titleDONE


JRA3 signed up

Launch announcement in Tryfon's weekly email when reachedJustin and Tryfon
Silvie will help co-ordinate.
Arranged with Karl and Nathalie 10.12.18. Karl will prepare text, Marina to confirm when gate approved.


Status
colourGreen
titleDONE

To be published at the eduroam site after the PLM gate!


JRA3 signed off

Twitter #love2eduroam upon launchKarlNot required for production gate.



Promotion via the eduroam-SG, by the service managerMiro

Miro has let the SG know to expect this. There are meetings in November and December.

In progresss

Status
colourGreen
titleDONE


SM signed off

A slide describing the service for the partner relations team (as part of the general GEANT services slide deck)Karl

Status
colourGreen
titleDONE


JRA3 signed off

Decision about the geographical scope of the service offer - who can use the serviceKlaasKlaas confirmed 10.09.18 that the service can be offered to non-GEANT partners. The user cap of 10,000 will apply to all.

Status
colourGreen
titleDONE


GEANT Chief Community Support Officer signed off.
11PLM Documentation





CBA update

Costs and funding excel

Roadmap

Justin Knight

CBA, costs and funding sheet, and roadmap all updated and put on JRA3 PLM staging site. Alan Lewis has reviewed and is content.

JRA3 PLM Staging Area#emidp-production-gate-documents

Marina Adomeit will, after the PLM gate, move the documentation from the JRA3 PLM staging site to the eduroam wiki pages.

Status
colourGreen
titleDONE


GEANT PLM signed off